keytab created on MIT KDC with des3 enctype does not work with heimdal
Russ Allbery
rra at stanford.edu
Thu Jun 8 20:40:49 EDT 2006
Arati Desai <artipdesai at yahoo.com> writes:
> I have a kerb5 setup with MIT KDC and heimdal client
> APIs to perform kerb5 authentication. I have created
> principals without specifying any keysaltlist. A
> keytab is created by running ktadd. klist shows-
> -bash2-2.05b$ sudo ktutil -k /tmp/osqa2.domain.com.keytab list
> /tmp/osqa2.domain.com:
> Vno Type Principal
> 5 des3-cbc-sha1 imap/osqa2.domain.com at DOMAIN.COM
> 5 des-cbc-crc imap/osqa2.domain.com at DOMAIN.COM
> (Note: I have replaced domain with actual domain name)
> With this keytab, heimdal client gives authentication
> failure. When I debugged the code I found that it is
> failing in verify_checksum function.
Read the COMPATIBILITY section of the gssapi(3) man page. Could that be
your problem?
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>